MCommunity is a directory and identity management system for the University of Michigan. This document describes some of the components of MCommunity (directory, Sponsor System, UMICH Password Hub, and more) and what they are used for.
What Is MCommunity?
MCommunity is an enterprise directory and identity management system that allows the university to know who is and is not a member of the U-M community so that central offices—as well as departments, schools, colleges, and campuses—can grant and remove access to their online resources as needed and appropriate.
Why Is It Important?
More and more of what the university does depends on knowing who is and is not a member of the university community and who is and is not therefore eligible to receive computing services and access to systems and data.
This information is needed for a wide variety of purposes, including:
Providing immediate access to U-M computing resources to those who are eligible.
Removing access to systems and information from those who leave the university or otherwise lose eligibility.
An Online Directory
The MCommunity Directory contains profiles for all current members of the university community—students, faculty, staff, alumni, and sponsored affiliates—on all three campuses (Ann Arbor, Dearborn, and Flint). The directory also contains groups, which can be created by anyone who has a directory profile. For an overview of the directory, see An Overview of the MCommunity Directory.
MCommunity is used to create uniqnames and accounts for incoming members of the U-M community so that they can use university computing services such as
The MCommunity Sponsor System allows authorized university employees to create identities in MCommunity for people who are affiliated with the university but who are not full members of the university community. These people are usually referred to as sponsored affiliates. There are two common purposes for such identities:
Preliminary IDs for early access. It is common practice for units to create accounts for incoming faculty members before they officially complete the hiring process and come to the university—that is, before information about them is in the university's Human Resources system. Units do this to provide incoming faculty members with early and needed access to university resources.
IDs for affiliated persons. Units also need to be able to create identities for individuals who are not, and may never be, students, faculty, staff, or alumni—people such as research collaborators, contractors, conference attendees, summer camp attendees, and so on.
For details about the Sponsor System, see MCommunity Sponsor System Overview.
The Identity Vault is the heart of the MCommunity system. It stores identity information about people and groups.
Information is provided about the Identity Vault for information technology staff whose systems will interact with MCommunity, administrative staff who need to know what data is available where, and others who are interested.
The part of the Identity Vault that stores data is composed of two parts:
Registry: The Registry stores all data received from each of the data sources that feed MCommunity. It's where the raw data is collected and held. The registry may contain multiple records for a single person. If, for example, an individual is a student on the Dearborn campus and an employee on the Ann Arbor campus, information about that individual will be provided to MCommunity both through the employee data feed from Wolverine Access and the student data feed from Dearborn. This information will be stored in the registry.
Directory: The directory contains consolidated, updated data—a single record for each person.
Also part of the Identity Vault is software that, following data precedence rules, determines which data goes in the directory when data from different sources conflict. The Identity Vault has software that keeps data synchronized within MCommunity and manages data changes coming in from various data sources.
Institutional Roles Information
University units must identify populations of faculty, staff and students based on their university roles. A school might wish to identify all the students in a particular program so it can give them access to licensed software or for-fee online publications, for example.
Basic institutional role information is included for individuals in MCommunity. Individual schools, colleges, and units may use the institutional roles to grant access to services. See the MCommunity Attributes section of LDAP Access to the MCommunity Directory for details about institutional role information in MCommunity.
Programmatic Directory Access Via an LDAP Tree
Data Sources for MCommunity
MCommunity's sources for people-oriented data are:
M-Pathways/Wolverine Access (PeopleSoft CSProd and HCMProd Databases). These databases are the authoritative source for identity information about
- Current U-M faculty
- Current U-M staff
- Current Ann Arbor campus students
People who wish to make changes in their official U-M identity information (stored in M-Pathways) may do so using Wolverine Access. MCommunity receives data from this source via a live data feed.
Office of University Development: This office provides identity information for alumni via the Donor and Alumni Relations Tool (DART). Updates to this information are provided to MCommunity nightly.
Dearborn Campus: The Dearborn Campus uses a Banner system for its directory of U-M Dearborn students. MCommunity receives a nightly data feed from this system.
Flint Campus: The Flint Campus also uses a Banner system for its directory of U-M Flint students. MCommunity receives a nightly data feed from this system.
Sponsor System: The MCommunity Sponsor System is used to enter identity information about departmentally sponsored guests and affiliates.
Data about groups is entered and managed by group owners.